Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Clash Controller
v1.0.1 · Controls the Clash for Windows proxy: start, stop, check status and switch nodes. Trigger words: Clash, proxy, proxy toggle, enable proxy, disable proxy, proxy status, switch node (original trigger strings: Clash、代理、代理开关、开启代理、关闭代理、代理状态、切换节点).
by LostOmato @icenoodle
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
The name/description (Clash controller) align with the code and SKILL.md: both target the Clash for Windows External Controller API on localhost. However, SKILL.md claims "Process control - start/stop the Clash for Windows process" (original: '进程控制 - 启动/关闭 Clash for Windows 进程'), while the shipped code only manipulates proxy settings through the REST API; there is no process spawn or kill. This is an incoherence between advertised capability and implementation.
Instruction Scope
SKILL.md instructs the user to enable External Controller and points to a local config path and secret, which is appropriate. The code, however, hardcodes a specific secret value and always targets 127.0.0.1:61222; it does not read the documented config file or any environment variable, and it does not implement process start/stop. The runtime instructions therefore set broader expectations than the code fulfils.
Install Mechanism
No install spec (instruction-only) and the included code uses only Node's core http module. Nothing is downloaded from external URLs and no third-party packages are installed. Low install risk.
Credentials
The skill declares no required environment variables or credentials, which fits. But the code embeds a hardcoded 'secret' UUID in cleartext. That is a credential baked into the skill bundle (not exfiltrated), and it is inconsistent with the SKILL.md examples, which show a user-configurable secret. In practice the hardcoded secret most likely makes the skill non-functional unless the user's Clash config happens to use the same value.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings directly, and only makes local HTTP calls to the loopback address. Its privilege footprint is limited to interacting with the local Clash REST API.
What to consider before installing
This skill primarily talks to the local Clash for Windows REST API and otherwise looks low-risk, but there are a few red flags you should act on before installing:
- The code contains a hardcoded API secret. That means the skill will only work if your Clash external-controller secret exactly matches that value; otherwise it will fail. Consider editing the skill to read the secret from your Clash config or from an environment variable, or change your Clash secret to something you control. Never publish a secret you care about inside a skill bundle.
- The SKILL.md claims the skill can start/stop the Clash process, but the shipped code does not implement process control. If you need process-level control, request or inspect an implementation that uses safe, explicit process APIs instead of relying on undocumented behavior.
- Confirm that External Controller is intentionally enabled on your machine and that you are comfortable granting the agent the ability to change proxy routing via that API. It cannot exfiltrate data on its own, but it can change connectivity and redirect all proxied traffic through whichever node it selects. Check that the controller listens on loopback only (an external-controller value such as ":61222" binds every interface) and that a secret is set, since the API accepts any caller that can reach it.
If you are not comfortable editing code, or you do not want an agent able to toggle your system proxy, do not install. If you proceed, review and remove the hardcoded secret or replace it with an implementation that reads the secret from the Clash config or an environment variable, test in a safe environment, and consider limiting autonomous invocation of the agent that will use this skill.
Latest version: vk97d2p17qbyv8gc08t8db2p06182y24z
